cancel
Showing results for 
Search instead for 
Did you mean: 

Two-factor authentication at login

Camera4617
Town Hero / Héro de la Ville

Not a question, but more a comment or feature request. I love that PM added this option, but as implemented it feels it is half-done. We should have an option to 'remember' this device for some reasonable time (standard is 30 days) so we don't have to every time we login, re-authenticate. That should not be too hard to implement and my wish is that it gets done..

 

14 REPLIES 14

darlicious
Mayor / Maire

@Camera4617 

Well that's the difference between you and me. Public mobile made the security of my account weaker to protect the customers who are already lackadaisical about account security. I don't let anything "remember me" that alone I believe is leaving yourself open to be hacked. I don't use technology for my security online i only use my brain.....as far as i know no one has hacked it yet? 🧠 To each their own. 😀

Camera4617
Town Hero / Héro de la Ville

@darlicious wrote:

@hTideGnow @Camera4617 

As much as you may believe pm implementing 2FA made your account more secure in fact it has made it less secure. Now if a fraudster or a hacker gains access to your email or your phone there is nothing stopping them from resetting your password and gaining access to your account. Previously they would have to provide the answer to your security question. That is a far harder to accomplish especially if you make a habit of changing it. Disabling 2FA on your account does not put it at that higher of a risk if you practice good internet security of keeping your personal identity info private, use strong  separate passwords for your accounts and if you additionally use an account specific email for your pm account.

 

I would much prefer to have the option of not having 2FA but the return of the security question and answer, removal of the ability to reset your account pin # back to the customer support back end and the ability to change the login username to an actual username vs the email. These would make your self serve account far more secure than it is currently with 2FA.


That's your opinion and in mine, that's not correct. Majority of people for 'security question' put something that can be easily find on their social profiles, like where they were born, what is their pet name etc. I do have email protected with super-strong password + 2FA and I would be really surprised if somebody gets in. I don't use phone number for 2FA for my email, only TOTP apps. If they get my phone, then I would worry about more than just my 'Public Mobile' account but there is also some protection there too. Point is, nothing is bulletproof secure, but if somebody is able to get though all these things to get into my account, I'm sure they are able to get in places where they can benefit much more. As for Public Mobile, I cannot impact on what they do or not, all I was saying is that they should have implemented some 'remember me' feature..  

darlicious
Mayor / Maire

@hTideGnow @Camera4617 

As much as you may believe pm implementing 2FA made your account more secure in fact it has made it less secure. Now if a fraudster or a hacker gains access to your email or your phone there is nothing stopping them from resetting your password and gaining access to your account. Previously they would have to provide the answer to your security question. That is a far harder to accomplish especially if you make a habit of changing it. Disabling 2FA on your account does not put it at that higher of a risk if you practice good internet security of keeping your personal identity info private, use strong  separate passwords for your accounts and if you additionally use an account specific email for your pm account.

 

I would much prefer to have the option of not having 2FA but the return of the security question and answer, removal of the ability to reset your account pin # back to the customer support back end and the ability to change the login username to an actual username vs the email. These would make your self serve account far more secure than it is currently with 2FA.

Camera4617
Town Hero / Héro de la Ville

@BruceRoberts wrote:

You can turn off the 2 step verification. I have mine off and no problems.


I have 2FA on every site that allows and there is a reason to have it. It might be a bit less valuable now ,as in my opinion, the biggest importance is to prevent SIM hijacking which now is kind of prevented by SMS that you have to reply to approve it. My point is that PM implemented it and spent quite a bit effort to have it, but due to not having this 'remember me' option which is simply cookie with expiry date, many users will turn it OFF, so what's the point. 

Hi @BruceRoberts 

 

better to keep it on for extra protection instead of opt for the convenience.   Hacker can get into your accout easier without 2FA,they can then am sawp and then start talking over your email,  bank after that

BruceRoberts
Good Citizen / Bon Citoyen

You can turn off the 2 step verification. I have mine off and no problems.


@hTideGnow wrote:

better to be correct than being the first wrong reply  🤣😅

Beautiful. It's the problem with racing to be first. You miss the subject line, you mis-interpret, you don't understand what the customer was actually looking for, you bang in something as a first impulse. But it's wrong. Or unnecessary or irrelevant.

There's nothing wrong with being in the first group of people to answer in the first few minutes of a thread. Different people will read different things into different styles of writing. Next thing you know the third of five immediate answers gets the solution just because it somehow clicked with the customer even though all those answers were right. Or not.


@Handy1 wrote:

@shinchu99  LOL I got messed up with the tittle , and my fingers went faster then my brain 


Hi @Handy1   haha.. but you edit at 2 mins later was still wrong.. still talking about community login

 

maybe you can slow down your typing and no need to get reply #1 all the time?  better to be correct than being the first wrong reply  🤣😅

shinchu99
Good Citizen / Bon Citoyen

@hTideGnow  OH HAHA. 

 

HI@shinchu99 , you got fooled by @Handy1 's reply.  @Camera4617  never mentioned about Community using 2FA  

shinchu99
Good Citizen / Bon Citoyen

@Camera4617 signing in the community don't have the Two factor authentication, the only two factor authentication will be login in to your account mobile account providing the two factor authentication its an safety feature but you can turn it off though if you like too but every time you log in U need to Enter Two factor authentication. LOL i never had this two authentication on public mobile community sign in..

 

 

hTideGnow
Mayor / Maire

hi @Handy1 read first. resd slowly.OP was suggesting new features.. OP never said he had problems with signing into Community either.. not sure where you got that

hTideGnow
Mayor / Maire

hi @Camera4617 that's a good suggestion.  Some of my friends disable 2FA because of the trouble.  I see it as not a wise move.  If there is a trusted device option, I think less people will disable that.

 

But again, it takes forever for PM to bring in new features 

Need Help? Let's chat.